← Back to branch summary

~ubuntu-branches/ubuntu/quantal/libav/quantal-updates

« back to all changes in this revision

Viewing changes to libavcodec/aacdec.c

  • Committer: Package Import Robot
  • Author(s): Micah Gersten
  • Date: 2012-03-21 21:18:24 UTC
  • mfrom: (1.2.10)
  • Revision ID: package-import@ubuntu.com-20120321211824-n63p3v3s99q3mxrb
Tags: 4:0.8.1-0ubuntu1
https://launchpad.net/bugs/960949
* New upstream bug and security fix release (FFe: LP: #960949)
  - fixes the following CVEs:
    CVE-2012-0848, CVE-2012-0853, CVE-2012-0858, CVE-2011-3929,
    CVE-2011-3936, CVE-2011-3937, CVE-2011-3940, CVE-2011-3945,
    CVE-2011-3947, CVE-2011-3951, CVE-2011-3952

* Pull fix from Debian git to fix installation of avserver.conf and
  recordshow.sh into libav-tools; Thanks to Julien Cristau for spotting this!
  - update debian/rules

Show diffs side-by-side

added added

removed removed

Lines of Context:
libavcodec/aacdec.c
807
807
                av_log(ac->avctx, AV_LOG_ERROR, "invalid band type\n");
808
808
                return -1;
809
809
            }
810
 
            while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) - 1)
 
810
            do {
 
811
                sect_len_incr = get_bits(gb, bits);
811
812
                sect_end += sect_len_incr;
812
 
            sect_end += sect_len_incr;
813
 
            if (get_bits_left(gb) < 0) {
814
 
                av_log(ac->avctx, AV_LOG_ERROR, overread_err);
815
 
                return -1;
816
 
            }
817
 
            if (sect_end > ics->max_sfb) {
818
 
                av_log(ac->avctx, AV_LOG_ERROR,
819
 
                       "Number of bands (%d) exceeds limit (%d).\n",
820
 
                       sect_end, ics->max_sfb);
821
 
                return -1;
822
 
            }
 
813
                if (get_bits_left(gb) < 0) {
 
814
                    av_log(ac->avctx, AV_LOG_ERROR, overread_err);
 
815
                    return -1;
 
816
                }
 
817
                if (sect_end > ics->max_sfb) {
 
818
                    av_log(ac->avctx, AV_LOG_ERROR,
 
819
                           "Number of bands (%d) exceeds limit (%d).\n",
 
820
                           sect_end, ics->max_sfb);
 
821
                    return -1;
 
822
                }
 
823
            } while (sect_len_incr == (1 << bits) - 1);
823
824
            for (; k < sect_end; k++) {
824
825
                band_type        [idx]   = sect_band_type;
825
826
                band_type_run_end[idx++] = sect_end;